Windows SMB Remote Code Execution Vulnerability CVE-2020-1301

28/07/2020 14:10:48


On June 10, 2020 (Beijing time), Microsoft released its security update for June 2020, which includes patches for 129 vulnerabilities. The update covers multiple components and products, including Microsoft Windows, Internet Explorer (IE), Office, Microsoft Edge and Windows Defender. Of the 128 Common Vulnerabilities and Exposures, 11 were officially rated Critical by Microsoft and 118 were rated Important.

In addition, the June security patch set addresses 23 remote code execution vulnerabilities, 5 denial-of-service vulnerabilities, 70 privilege escalation vulnerabilities and 11 information disclosure vulnerabilities. Overall, the patches resolve the vulnerabilities and bugs discovered in Windows this month. Among them, a proof of concept for the following vulnerability has been made public and has had a wide impact, so it is recommended to patch it promptly.

About Vulnerability
CVE-2020-1301 is a remote code execution vulnerability in the Microsoft Windows SMB server. The vulnerability lies in the SMBv1 driver; SMBv2 and SMBv3 are not affected. It is triggered because the SMBv1 driver does not fully validate the SI_COPYFILE structure when processing an FSCTL_SIS_COPYFILE request (MS-FSCC protocol), resulting in an integer overflow. Exploiting the vulnerability requires passing SMB authentication, which raises the bar for an attacker, but because SMBv1 is present in all versions from Windows 7 through Windows 10, the vulnerability has a wide range of impact. An attacker who successfully exploits it can execute arbitrary code on the target host.

Impacts



Reference
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1301

Timeline
June 9, 2020 Microsoft released a security bulletin on its website.
June 10, 2020 Sangfor FarSight Labs issued a vulnerability warning article.

1. Mitigation measures:
1) Use strong passwords for SMB protocol authentication to avoid brute-force attack.

2) Turn off SMBv1 which has many security issues if it is unnecessary. Use SMBv2 or higher version protocol instead. For the method of turning off SMBv1 for each Windows version, please refer to the official Microsoft recommended solution:

https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
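The following PowerShell script is an added example (it is not part of the Sangfor advisory or Microsoft's documentation) that puts the mitigation above into practice: it reports whether SMBv1 is enabled on the host, turns on SMBv1 access auditing so legacy clients can be found before the protocol is switched off, and then disables SMBv1 at both the server-configuration and OS-feature layers. It assumes an elevated PowerShell session on Windows 8.1/10 or Windows Server 2012 R2 or later, where the SmbShare and DISM cmdlets used here exist; the function names are hypothetical.

```powershell
# Added example, not from the advisory: audit and disable SMBv1 (the only SMB
# dialect affected by CVE-2020-1301). Run in an elevated PowerShell session.
# Assumption: Windows 8.1 / 10 or Server 2012 R2+ (cmdlets below are absent on Windows 7).

function Get-Smb1Status {
    # Server-side SMBv1 switch: this is the listener a CVE-2020-1301 request must reach.
    $srv = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServerSmb1Enabled  = $srv.EnableSMB1Protocol
        Smb1AuditEnabled   = $srv.AuditSmb1Access      # property exists on Windows 10 / Server 2016+
        ClientFeatureState = if ($feature) { $feature.State } else { 'NotPresent' }
    }
}

function Enable-Smb1Audit {
    # Every SMBv1 access is then logged as event ID 3000 in the
    # Microsoft-Windows-SMBServer/Audit log, which identifies clients still using SMBv1.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

function Get-Smb1Clients {
    param([int]$Days = 7)
    $filter = @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000; StartTime = (Get-Date).AddDays(-$Days) }
    # Each message names the client that connected with SMBv1; de-duplicate for a review list.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Message } |
        Select-Object -Unique
}

function Disable-Smb1 {
    # Switch SMBv1 off at the server layer first (available on every supported version),
    # then remove the component itself where the OS exposes it as a feature.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if (Get-Command Uninstall-WindowsFeature -ErrorAction SilentlyContinue) {
        # Windows Server 2012 R2 and later
        Uninstall-WindowsFeature -Name FS-SMB1
    } else {
        # Windows 8.1 / Windows 10 client
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
}

Get-Smb1Status
```

Run Enable-Smb1Audit and review Get-Smb1Clients for a few days before calling Disable-Smb1, so that any legacy device that still depends on SMBv1 is found before the protocol is removed; a reboot completes the feature removal.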

2. Official patch:
Microsoft has released security patches for the affected software. Users can download and install the security patch that corresponds to their system from the following link:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1301

COPYRIGHT © 2000-2020 SANGFOR TECHNOLOGIES. ALL RIGHTS RESERVED.